Advertisement Banner
  • Home
  • News
  • Cyber News
  • Contact
No Result
View All Result
  • Home
  • News
  • Cyber News
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Cyber News

Aurora Stealer Malware is becoming a prominent threatSecurity Affairs

admin by admin
November 22, 2022
in Cyber News


Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild.

Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022. Aurora was offered as Malware-as-a-Service (MaaS) by a threat actor known as Cheshire. It is a multi-purpose botnet with data stealing and remote access capabilities.

Researchers at SEKOIA identified 7 traffers teams on Dark Web forums that announced the availability of the Aurora Stealer in their arsenal, a circumstance that confirms the increased popularity of the malware among threat actors.

Traffers Team Malware arsenal Launch date Last observed activity
RavenLogs Aurora, Redline 17/10/2022 14/11/2022
BrazzersLogs Aurora, Raccoon 14/11/2022 14/11/2022
DevilsTraff Aurora, Raccoon 30/10/2022 14/11/2022
YungRussia Aurora 16/10/2022 31/10/2022
Gfbg6 Aurora 14/09/2022 24/10/2022
SAKURA Aurora 10/08/2022 04/11/2022
HellRide Aurora 09/07/2022 15/07/2022

In October and November 2022, the researchers analyzed several hundreds of collected samples and identified dozens of active C2 servers. The experts also observed multiple infection chains leading to the deployment of Aurora stealer. The attackers used methods to deliver the malware, including phishing websites masquerading as legitimate ones, YouTube videos and fake “free software catalogue” websites.

“These infection chains leveraged phishing pages impersonating download pages of legitimate software, including cryptocurrency wallets or remote access tools, and the 911 method making use of YouTube videos and SEO-poised fake cracked software download websites.” reads the analysis by the experts.

The malware was also able to target 40 cryptocurrency wallets and applications like Telegram.

Threat actors behind this malware also advertised its loader capabilities, the malicious code in fact is able to deploy a next-stage payload using a PowerShell command.

“Aurora is another infostealer targeting data from browsers, cryptocurrency wallets, local systems, and acting as a loader. Sold at a high price on market places, collected data is of particular interest to cybercriminals, allowing them to carry out follow-up lucrative campaigns, including Big Game Hunting operations.” concludes the report. “As multiple threat actors, including traffers teams, added the malware to their arsenal, Aurora Stealer is becoming a prominent threat.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Aurora Stealer)



Share On






Source link

Previous Post

Denied a ticket, former Gujarat Cong MLA joins BJP –

Next Post

How the cyber incident reporting law could finally fix the information sharing problem

Next Post

How the cyber incident reporting law could finally fix the information sharing problem

Recommended

Despite hospitals struggling with Covid, China claims 0 covid deaths –

1 month ago

NSA says Chinese hackers are actively attacking flaw in widely used networking device

2 months ago

© 2022 Law Enforcement News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Cyber News
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Cyber News
  • Contact

© 2022 Law Enforcement News Hubb All rights reserved.